"Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly"

You can have your customers set the security settings in Java Control Panel to High or Very High.

Look on Youtube and you can find demonstrations of the simplicity required to exploit this vulnerability in Java 7 Update 10. Basically remotely gain a terminal command line session into the users machine.

Oracle has been aware of this bug since August / Sept 2012 but has elected to ignore it.

Oracle is the clever one there. All this hype about security risks, when was the last time you just -had- to run a Java applet in any kind of browser environment anyway? Its a slumbering side of the technology.

gimbal2 wrote:
Oracle is the clever one there. All this hype about security risks, when was the last time you just -had- to run a Java applet in any kind of browser environment anyway? Its a slumbering side of the technology.

Since the previous poster mentioned that they might have to switch to flash I would suspect that they did implement something in applets.